CVE-2025-46330: Snowflake Connector for C/C++ retries malformed requests

3.3 CVSS

Description

libsnowflakeclient is the Snowflake Connector for C/C++. Versions from 0.5.0 up to (but not including) 2.2.0 incorrectly treat malformed requests that produced an HTTP 400 response status code as retriable. Because a malformed request cannot succeed on resend, this could hang the application until SF_CON_MAX_RETRY requests had been sent. This issue has been patched in version 2.2.0.
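To make the failure mode concrete, here is an added illustration in C of the two retry policies described above. It is not code from libsnowflakeclient or from the patch in version 2.2.0; the function names, the status-code rules in `retryable_fixed` (treating only 408, 429 and 5xx as transient), the simulated server and the retry budget `EXAMPLE_MAX_RETRY` are all assumptions made for the example, since the page names `SF_CON_MAX_RETRY` but not its value. The simulation counts how many requests a client sends for a single malformed request under each policy.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical retry budget standing in for SF_CON_MAX_RETRY (value not given on the page). */
#define EXAMPLE_MAX_RETRY 7

typedef bool (*retry_policy)(long status);

/* Flawed classification, constructed to mirror the advisory's description:
 * every non-2xx status is treated as retriable, so a 400 caused by a malformed
 * request is resent until the retry budget is exhausted. */
static bool retryable_flawed(long status) {
    return status < 200 || status >= 300;
}

/* Corrected classification (example policy, not the project's patch):
 * only conditions that can clear on their own are retried. A 4xx other than
 * 408 (request timeout) and 429 (throttled) means the request itself is wrong,
 * so resending identical bytes cannot succeed. */
static bool retryable_fixed(long status) {
    if (status == 408 || status == 429) return true;
    if (status >= 500 && status <= 599) return true;
    return false;
}

/* Simulated request loop. The server is modelled as always answering with
 * server_status (constructed input). Returns the number of requests sent,
 * which is what an application owner would observe in server-side logs. */
static int send_with_retry(long server_status, retry_policy policy, int max_retry) {
    int sent = 0;
    for (;;) {
        sent++;
        long status = server_status;
        if (status >= 200 && status < 300) return sent;       /* success */
        if (!policy(status)) return sent;                     /* permanent failure: stop */
        if (sent >= max_retry) return sent;                   /* budget exhausted */
        /* A real client would back off (e.g. exponentially) here before resending. */
    }
}

int main(void) {
    long cases[] = { 200, 400, 429, 503 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("status %ld: flawed policy sends %d request(s), fixed policy sends %d\n",
               cases[i],
               send_with_retry(cases[i], retryable_flawed, EXAMPLE_MAX_RETRY),
               send_with_retry(cases[i], retryable_fixed, EXAMPLE_MAX_RETRY));
    }
    return 0;
}
```

Under the flawed policy a single malformed request costs the application `EXAMPLE_MAX_RETRY` round trips (plus any backoff delay) before it reports the error; under the fixed policy the 400 is surfaced after one request, while a 503 is still retried. An operator verifying an upgrade can apply the same check against a real deployment: send one deliberately malformed request from the client and confirm in server-side request logs that exactly one request arrives rather than `SF_CON_MAX_RETRY`.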

Classification

CVE ID: CVE-2025-46330

CVSS Base Severity: LOW

CVSS Base Score: 3.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Problem Types

CWE-573: Improper Following of Specification by Caller

Affected Products

Vendor: snowflakedb

Product: libsnowflakeclient

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (estimated probability of exploitation in the wild)

EPSS Percentile: 1.83% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-28 (date the score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46330
https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm
https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2

Timeline